[Git][security-tracker-team/security-tracker][master] Merge in the accepted packages from buster 10.11

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 9 11:11:03 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9d3ab67 by Salvatore Bonaccorso at 2021-10-09T12:09:27+02:00
Merge in the accepted packages from buster 10.11

Though the release has not happened yet, this is the list of
packages which were copied over from buster-pu to buster.

The final 10.11 changes need to still be verified for any missing
additional ones.

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1894,7 +1894,7 @@ CVE-2021-3808
 CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...)
 	- node-ansi-regex 5.0.1-1 (bug #994568)
 	[bullseye] - node-ansi-regex 5.0.1-1~deb11u1
-	[buster] - node-ansi-regex <no-dsa> (Minor issue)
+	[buster] - node-ansi-regex 3.0.0-1+deb10u1
 	[stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
 	NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1)
@@ -2848,7 +2848,7 @@ CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Render
 CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...)
 	- atftp 0.7.git20210915-1 (bug #994895)
 	[bullseye] - atftp 0.7.git20120829-3.3+deb11u1
-	[buster] - atftp <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - atftp 0.7.git20120829-3.2~deb10u2
 	[stretch] - atftp <postponed> (Minor issue)
 	NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
 CVE-2021-3798 [Soft token does not check if an EC key is valid]
@@ -3602,7 +3602,7 @@ CVE-2021-40541
 CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...)
 	- ulfius 2.7.1-2 (bug #993851)
 	[bullseye] - ulfius 2.7.1-1+deb11u1
-	[buster] - ulfius <no-dsa> (Minor issue)
+	[buster] - ulfius 2.5.2-4+deb10u1
 	NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa
 CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...)
 	NOT-FOR-US: Zoho ManageEngine
@@ -4191,7 +4191,7 @@ CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free]
 CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...)
 	- node-axios 0.21.3+dfsg-1
 	[bullseye] - node-axios 0.21.1+dfsg-1+deb11u1
-	[buster] - node-axios <no-dsa> (Minor issue)
+	[buster] - node-axios 0.17.1+dfsg-2+deb10u1
 	NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
 	NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
 	NOTE: https://github.com/axios/axios/pull/3980
@@ -8277,7 +8277,7 @@ CVE-2021-38562
 	- request-tracker5 <unfixed> (bug #995167)
 	- request-tracker4 4.4.4+dfsg-3 (bug #995175)
 	[bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
-	[buster] - request-tracker4 <no-dsa> (Minor issue; will be fixed via point release)
+	[buster] - request-tracker4 4.4.3-2+deb10u1
 	[stretch] - request-tracker4 <no-dsa> (Minor issue)
 	NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2)
 	NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5)
@@ -9317,7 +9317,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish
 	{DLA-2755-1}
 	- btrbk 0.27.1-2
 	[bullseye] - btrbk 0.27.1-1.1+deb11u1
-	[buster] - btrbk <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - btrbk 0.27.1-1+deb10u1
 	NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
 	NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
 CVE-2021-38172
@@ -10307,7 +10307,7 @@ CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) b
 	{DLA-2771-1}
 	- krb5 1.18.3-7 (bug #992607)
 	[bullseye] - krb5 1.18.3-6+deb11u1
-	[buster] - krb5 <no-dsa> (Minor issue)
+	[buster] - krb5 1.17-3+deb10u3
 	NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
 CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
 	NOT-FOR-US: Hexagon GeoMedia WebMap
@@ -12530,7 +12530,7 @@ CVE-2021-36774
 CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
 	- ublock-origin 1.37.0+dfsg-1 (bug #991386)
 	[bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
-	[buster] - ublock-origin <no-dsa> (Minor issue)
+	[buster] - ublock-origin 1.37.0+dfsg-1~deb10u1
 	[stretch] - ublock-origin <no-dsa> (Minor issue)
 	- umatrix <unfixed> (bug #991344)
 	[buster] - umatrix <no-dsa> (Minor issue)
@@ -15847,7 +15847,7 @@ CVE-2021-35368 [CRS Request Body Bypass]
 	RESERVED
 	- modsecurity-crs 3.3.2-1 (bug #992000)
 	[bullseye] - modsecurity-crs 3.3.0-1+deb11u1
-	[buster] - modsecurity-crs <no-dsa> (Minor issue)
+	[buster] - modsecurity-crs 3.1.0-1+deb10u2
 	[stretch] - modsecurity-crs <no-dsa> (Minor issue)
 	NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
 	NOTE: https://github.com/coreruleset/coreruleset/pull/2143
@@ -19958,7 +19958,7 @@ CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an
 CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...)
 	- cyrus-imapd 3.4.2-1 (bug #993433)
 	[bullseye] - cyrus-imapd 3.2.6-2+deb11u1
-	[buster] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - cyrus-imapd 3.0.8-6+deb10u6
 	[stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
 	- cyrus-imapd-2.4 <removed>
 	NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
@@ -21887,14 +21887,14 @@ CVE-2021-32805 (Flask-AppBuilder is an application development framework, built
 CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
 	- node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
 	[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
-	[buster] - node-tar <no-dsa> (Minor issue)
+	[buster] - node-tar 4.4.6+ds1-3+deb10u1
 	[stretch] - node-tar <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
 	NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
 CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
 	- node-tar 6.1.7+~cs11.3.10-1 (bug #992110)
 	[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
-	[buster] - node-tar <no-dsa> (Minor issue)
+	[buster] - node-tar 4.4.6+ds1-3+deb10u1
 	[stretch] - node-tar <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
 	NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
@@ -30605,7 +30605,7 @@ CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In
 CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...)
 	- sabnzbdplus 3.2.1+dfsg-1
 	[bullseye] - sabnzbdplus 3.1.1+dfsg-2+deb11u1
-	[buster] - sabnzbdplus <no-dsa> (Minor issue; non-free/contrib not security supported)
+	[buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2
 	[stretch] - sabnzbdplus <no-dsa> (Minor issue; contrib not supported)
 	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
 	NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
@@ -30830,7 +30830,7 @@ CVE-2021-29426
 CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...)
 	{DLA-2741-1}
 	- commons-io 2.8.0-1
-	[buster] - commons-io <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - commons-io 2.6-2+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
 	NOTE: https://issues.apache.org/jira/browse/IO-556
 CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
@@ -45278,7 +45278,7 @@ CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribu
 	NOT-FOR-US: video.js
 CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...)
 	- node-jszip 3.5.0+dfsg-2
-	[buster] - node-jszip <no-dsa> (Minor issue)
+	[buster] - node-jszip 3.1.4+dfsg-1+deb10u1
 	NOTE: https://github.com/Stuk/jszip/pull/766
 	NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
 CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...)
@@ -51357,7 +51357,7 @@ CVE-2021-21375 (PJSIP is a free and open source multimedia communication library
 	{DLA-2665-1 DLA-2636-1}
 	- pjproject <removed>
 	- ring 20210112.2.b757bac~ds1-1 (bug #986815)
-	[buster] - ring <no-dsa> (Minor issue; can be fixed via point release)
+	[buster] - ring 20190215.1.f152c98~ds1-1+deb10u1
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
 	NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
 CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...)
@@ -56432,7 +56432,7 @@ CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mariadb-10.5 1:10.5.12-1
 	[bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
 	- mariadb-10.3 <removed>
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue, can be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
 	- mysql-5.7 <removed>
 	- mysql-8.0 <unfixed>
 	NOTE: Fixed in MariaDB 10.5.12, 10.3.31
@@ -56475,7 +56475,7 @@ CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mariadb-10.5 1:10.5.12-1
 	[bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
 	- mariadb-10.3 <removed>
-	[buster] - mariadb-10.3 <no-dsa> (Minor issue, can be fixed via point release)
+	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
 	- mysql-5.7 <removed>
 	- mysql-8.0 <unfixed>
 	NOTE: Fixed in MariaDB 10.5.12, 10.3.31
@@ -61753,9 +61753,9 @@ CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerab
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
 CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.211.00-1
 	- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
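Review bot: On the `[buster] - nvidia-graphics-drivers 418.211.00-1` line, the fixed version carries no `~deb10uN` or `+deb10uN` suffix, unlike the `390.144-1~deb10u1` entry two lines below it and every other buster version in this patch. It matches the entry being removed from data/next-oldstable-point-update.txt, so it looks intentional, but please confirm against the accepted upload that this is the exact version string in buster, since the buster status for this CVE is derived from it. The same line recurs in the CVE-2021-1094 and CVE-2021-1093 hunks that follow.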
@@ -61766,9 +61766,9 @@ CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
 CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.211.00-1
 	- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
@@ -61779,9 +61779,9 @@ CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
 CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers 460.91.03-1 (bug #991351)
-	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers 418.211.00-1
 	- nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
-	[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
 	- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
 	[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
 	[stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
@@ -88813,7 +88813,7 @@ CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring,
 	{DLA-2726-1}
 	- shiro 1.3.2-5 (bug #988728)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
 	NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
 	NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950
@@ -98057,7 +98057,7 @@ CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially
 	{DLA-2726-1}
 	- shiro 1.3.2-5 (bug #968753)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
 CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
@@ -98197,7 +98197,7 @@ CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because o
 CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
 	{DLA-2730-1 DLA-2239-1}
 	- libpam-tacplus 1.3.8-2.1 (low; bug #962830)
-	[buster] - libpam-tacplus <no-dsa> (Minor issue)
+	[buster] - libpam-tacplus 1.3.8-2+deb10u1
 	[stretch] - libpam-tacplus <no-dsa> (Minor issue)
 	NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
 	NOTE: https://github.com/kravietz/pam_tacplus/issues/149
@@ -103231,7 +103231,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
 	{DLA-2273-1}
 	- shiro 1.3.2-5 (bug #988728)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
 	NOTE: https://github.com/apache/shiro/pull/211
 	NOTE: https://issues.apache.org/jira/browse/SHIRO-753
@@ -103241,7 +103241,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
 CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
 	- xmlgraphics-commons 2.4-2 (bug #984949)
 	[bullseye] - xmlgraphics-commons 2.4-2~deb11u1
-	[buster] - xmlgraphics-commons <no-dsa> (Minor issue)
+	[buster] - xmlgraphics-commons 2.3-1+deb10u1
 	[stretch] - xmlgraphics-commons <not-affected> (Vulnerable code is not present)
 	NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183
 	NOTE: https://issues.apache.org/jira/browse/XGC-122
@@ -122248,7 +122248,7 @@ CVE-2019-20226
 CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...)
 	{DLA-2749-1 DLA-2066-1}
 	- gthumb 3:3.8.3-0.1 (bug #948197)
-	[buster] - gthumb <no-dsa> (Minor issue)
+	[buster] - gthumb 3:3.6.2-4+deb10u1
 	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
 	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
 CVE-2020-5200
@@ -131301,7 +131301,7 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy
 	{DLA-2273-1 DLA-2181-1}
 	- shiro 1.3.2-5 (bug #955018)
 	[bullseye] - shiro 1.3.2-4+deb11u1
-	[buster] - shiro <no-dsa> (Minor issue)
+	[buster] - shiro 1.3.2-4+deb10u1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
 	NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139
 	NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322
@@ -146265,7 +146265,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
 	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
 	- http-parser 2.9.4-2 (bug #977467)
-	[buster] - http-parser <no-dsa> (Minor issue)
+	[buster] - http-parser 2.8.1-1+deb10u1
 	[stretch] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
 	[jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
 	NOTE: https://hackerone.com/reports/735748
@@ -155647,7 +155647,7 @@ CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke inje
 	NOT-FOR-US: Logitech
 CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
 	- irssi 1.2.1-1 (low; bug #931264)
-	[buster] - irssi <no-dsa> (Minor issue)
+	[buster] - irssi 1.2.0-2+deb10u1
 	[stretch] - irssi <no-dsa> (Minor issue)
 	[jessie] - irssi <not-affected> (vulnerable sasl code is not present)
 	NOTE: https://irssi.org/security/irssi_sa_2019_06.txt


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -1,66 +1,3 @@
-CVE-2019-15605
-	[buster] - http-parser 2.8.1-1+deb10u1
-CVE-2021-21375
-	[buster] - ring 20190215.1.f152c98~ds1-1+deb10u1
-CVE-2021-1093
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
-	[buster] - nvidia-graphics-drivers 418.211.00-1
-CVE-2021-1094
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
-	[buster] - nvidia-graphics-drivers 418.211.00-1
-CVE-2021-1095
-	[buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
-	[buster] - nvidia-graphics-drivers 418.211.00-1
-CVE-2021-23413
-	[buster] - node-jszip 3.1.4+dfsg-1+deb10u1
-CVE-2019-13045
-	[buster] - irssi 1.2.0-2+deb10u1
-CVE-2020-11988
-	[buster] - xmlgraphics-commons 2.3-1+deb10u1
-CVE-2020-13881
-	[buster] - libpam-tacplus 1.3.8-2+deb10u1
-CVE-2021-32803
-	[buster] - node-tar 4.4.6+ds1-3+deb10u1
-CVE-2021-32804
-	[buster] - node-tar 4.4.6+ds1-3+deb10u1
-CVE-2021-29425
-	[buster] - commons-io 2.6-2+deb10u1
-CVE-2021-35368
-	[buster] - modsecurity-crs 3.1.0-1+deb10u2
-CVE-2021-29488
-	[buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2
-CVE-2020-1957
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2020-11989
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2020-13933
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2020-17510
-        [buster] - shiro 1.3.2-4+deb10u1
-CVE-2021-36773
-	[buster] - ublock-origin 1.37.0+dfsg-1~deb10u1
-CVE-2019-20326
-	[buster] - gthumb 3:3.6.2-4+deb10u1
-CVE-2021-37750
-	[buster] - krb5 1.17-3+deb10u3
-CVE-2021-33582
-	[buster] - cyrus-imapd 3.0.8-6+deb10u6
-CVE-2021-2389
-	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
-CVE-2021-2372
-	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
-CVE-2021-38173
-	[buster] - btrbk 0.27.1-1+deb10u1
-CVE-2021-41054
-	[buster] - atftp 0.7.git20120829-3.2~deb10u2
-CVE-2021-3749
-	[buster] - node-axios 0.17.1+dfsg-2+deb10u1
-(CVE-2021-3807
-	[buster] - node-ansi-regex 3.0.0-1+deb10u1
-CVE-2021-40540
-	[buster] - ulfius 2.5.2-4+deb10u1
-CVE-2021-38562
-	[buster] - request-tracker4 4.4.3-2+deb10u1
 CVE-2019-20807
 	[buster] - vim 2:8.1.0875-5+deb10u1
 CVE-2021-3770
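Review bot: The removed entry `(CVE-2021-3807` has a stray opening parenthesis, and the four shiro entries are indented with spaces where the rest of the file uses a tab; if the merge into data/CVE/list was scripted against lines starting with `CVE-` and tab-indented annotations, those five entries are the ones to double-check. All of them do appear with the same versions in the data/CVE/list hunks above (node-ansi-regex 3.0.0-1+deb10u1, shiro 1.3.2-4+deb10u1), so nothing seems to have been lost. For the entries kept as context, starting with CVE-2019-20807 for vim 2:8.1.0875-5+deb10u1, please confirm they were not among the packages accepted for 10.11, as the commit message itself says the final list still needs verifying.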



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9d3ab67b7d6dd80b78f0a37c5caca8844741e8f
